[FS#1358] Wireguard interface and the wrong route to the ip of the peer

LEDE Bugs lede-bugs at lists.infradead.org
Tue Feb 13 18:53:40 PST 2018


A new Flyspray task has been opened.  Details are below. 

User who did this - Francesco Bonanno (mibofra) 

Attached to Project - OpenWrt/LEDE Project
Summary - Wireguard interface and the wrong route to the ip of the peer
Task Type - Bug Report
Category - Packages
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Medium
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - I am using the trunk version of OpenWrt on two routers. Everything is up to date.

Try to set up wireguard with uci or luci, and put the address of the other peer in the configuration.
The result is that when the interface is set up, a route to the ip of the peer is set up, arbitrarily, to a router in lan.

Why am I saying arbitrarily? Because on one router I have a lan, and it is assigned the lan router. On another router I have two lans, and it is assigned the router of the second lan.
I really have to try with three lans...

So, for example I am playing with it, with two openwrt clients (the openwrt routers). 192.168.219.13 is the address of peer 1 and 192.168.219.18 of peer 2. That is the result:

- on peer 1, when the wireguard interface goes up: 192.168.219.18 via 192.168.42.1 dev br-lan2  proto static 

- on peer 2, when the wireguard interface goes up: 192.168.219.13 via 192.168.34.2 dev br-lan  proto static

The route of the openvpn network is: 192.168.219.0/24 dev tun0  proto kernel  scope link  src 192.168.219.13 (on peer 1, src 192.168.219.18 on peer 2)
The result is that after the setup of the wireguard interface, both can see the whole network, but not each other, because they are looking for each other on the lans...

For this reason, I address the netifd helper of wireguard, because it is the duty of netifd to bring up the interface, but I really have to verify the source code of the helper.

I guess it is a bug; if not, why decide to create another route for the peer? I think obviously if you want to set up the vpn, at least the peers can see each other through an interface. Whatever the kind of the interface (pptp interface, tun, tap, pigeons with ip on qrcodes...) and the network (lan, wan, vpn...).
So it makes no sense to me to add another route for the peer. If needed, either you can add another option, with the possibility to completely set up the route for the ip of the peer, or I think it is sufficient to add a static route with uci/luci or manually, to reach the same goal.

I really hope that I am not the only one with this bug, and I really hope that it will be repeatable so it can be checked.

Thanks in advance!

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1358
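
An added example, not part of the report and not OpenWrt code: a small check that reads `ip route` output and flags a peer address whose /32 host route leaves through a different device than the on-link network that already covers it. The longer prefix wins the lookup, which is why the peers stop reaching each other over tun0. The route lines are the ones quoted in the report; the function names are hypothetical.

```python
import ipaddress

# Route lines exactly as quoted in the report (`ip route` format).
PEER1_ROUTES = """\
192.168.219.0/24 dev tun0  proto kernel  scope link  src 192.168.219.13
192.168.219.18 via 192.168.42.1 dev br-lan2  proto static
"""
PEER2_ROUTES = """\
192.168.219.0/24 dev tun0  proto kernel  scope link  src 192.168.219.18
192.168.219.13 via 192.168.34.2 dev br-lan  proto static
"""

def _field(tokens, key):
    """Return the token following `key` (dev, via, proto), or None."""
    if key in tokens[1:-1]:
        return tokens[tokens.index(key, 1) + 1]
    return None

def parse_routes(text):
    """Parse `ip route` lines into dicts with net, dev, via and proto."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        try:
            net = ipaddress.ip_network(tokens[0], strict=False)
        except ValueError:
            continue  # "default", "unreachable ..." and similar are skipped
        fields = {k: _field(tokens, k) for k in ("dev", "via", "proto")}
        routes.append({"net": net, **fields})
    return routes

def misrouted_endpoints(route_text, endpoints):
    """Return (endpoint, host_route_dev, gateway, on_link_dev) for each
    endpoint whose gatewayed host route overrides an on-link kernel route."""
    routes = parse_routes(route_text)
    findings = []
    for ep in endpoints:
        addr = ipaddress.ip_address(ep)
        covering = [r for r in routes if addr in r["net"]]
        host = [r for r in covering
                if r["via"] and r["net"].prefixlen == r["net"].max_prefixlen]
        linked = [r for r in covering
                  if r["proto"] == "kernel" and not r["via"]]
        findings += [(ep, h["dev"], h["via"], c["dev"])
                     for h in host for c in linked if h["dev"] != c["dev"]]
    return findings
```

On a router, the first argument would be the captured output of `ip route` and the second the endpoint addresses configured for the WireGuard peers.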


